CVE-2026-44076

MEDIUM NVD

CVSS Score 6.7

Severity MEDIUM

Published May 21, 2026

Vendor unknown

Description

Insufficient sanitization of volume paths in Netatalk 3.1.0 through 4.4.2 allows a local privileged user to inject OS commands and execute arbitrary code via a crafted volume path.

References

https://netatalk.io/security/CVE-2026-44076